Class ProxyProtocolHeader


  • public final class ProxyProtocolHeader
    extends Object
    This class defines the proxy protocol header as described in the proxy protocol documentation. If the proxy protocol is enabled on DS and the proxy's IP address is allowed, this header is parsed at the beginning of each LDAP connection to extract the original IP address and, if present, the SSL information of the proxied client application. Both versions of the proxy protocol (version 1 and version 2) are supported.
    • Field Detail

      • PP2_TYPE_ALPN

        public static final Byte PP2_TYPE_ALPN
        Application-Layer Protocol Negotiation (ALPN). It is a byte sequence defining the upper layer protocol in use over the connection. The most common use case will be to pass the exact copy of the ALPN extension of the Transport Layer Security (TLS) protocol as defined by RFC7301.
      • PP2_TYPE_AUTHORITY

        public static final Byte PP2_TYPE_AUTHORITY
        Contains the host name value passed by the client, as a UTF-8 encoded string. When TLS is used on the client connection, this is the exact copy of the "server_name" extension as defined by RFC3546 [10], section 3.1, often referred to as "SNI". There are probably other situations where an authority can be mentioned on a connection without TLS being involved at all.
      • PP2_TYPE_CRC32C

        public static final Byte PP2_TYPE_CRC32C
        The value of the type PP2_TYPE_CRC32C is a 32-bit number storing the CRC32c checksum of the PROXY protocol header.
      • PP2_TYPE_NOOP

        public static final Byte PP2_TYPE_NOOP
        A TLV of this type should be ignored when parsed. The value is zero or more bytes. It can be used for data padding or alignment. Note that it can only align by 3 or more bytes, because a TLV cannot be smaller than that.
      • PP2_TYPE_UNIQUE_ID

        public static final Byte PP2_TYPE_UNIQUE_ID
        The value of the type PP2_TYPE_UNIQUE_ID is an opaque byte sequence of up to 128 bytes generated by the upstream proxy that uniquely identifies the connection.
      • PP2_TYPE_SSL

        public static final Byte PP2_TYPE_SSL
        Type of the SSL TLV.
      • PP2_TYPE_NETNS

        public static final Byte PP2_TYPE_NETNS
        The type PP2_TYPE_NETNS defines the value as the US-ASCII string representation of the namespace's name.
    • Method Detail

      • newLocalProxyProtocolHeader

        public static ProxyProtocolHeader newLocalProxyProtocolHeader(int version)
        Returns a new proxy protocol header with a local command.
        Parameters:
        version - the proxy protocol version. Valid values are 1 and 2.
        Returns:
        a new proxy protocol header with a local command.
        Throws:
        IllegalArgumentException - if the version is invalid.
      • newProxyProtocolHeader

        public static ProxyProtocolHeader newProxyProtocolHeader(int version,
                                                                 InetSocketAddress clientAddress,
                                                                 InetSocketAddress proxyAddress)
                                                          throws IllegalArgumentException
        Returns a new proxy protocol header with a proxy command: the connection is relayed on behalf of a client.
        Parameters:
        version - the proxy protocol version. Valid values are 1 and 2.
        clientAddress - the effective client address (source address) or null if the address is not an InetSocketAddress.
        proxyAddress - the proxy address (destination address) or null if the address is not an InetSocketAddress.
        Returns:
        a new proxy protocol header with a proxy command.
        Throws:
        IllegalArgumentException - if the version is invalid.
      • newProxyProtocolHeader

        public static ProxyProtocolHeader newProxyProtocolHeader(int version,
                                                                 InetSocketAddress clientAddress,
                                                                 InetSocketAddress proxyAddress,
                                                                 ProxyProtocolHeader.SslTlv sslTlv)
                                                          throws IllegalArgumentException
        Returns a new proxy protocol header with a proxy command: the connection is relayed on behalf of a client.
        Parameters:
        version - the proxy protocol version. Valid values are 1 and 2.
        clientAddress - the effective client address (source address) or null if the address is not an InetSocketAddress.
        proxyAddress - the proxy address (destination address) or null if the address is not an InetSocketAddress.
        sslTlv - information describing if and how the client connected using SSL.
        Returns:
        a new proxy protocol header with a proxy command.
        Throws:
        IllegalArgumentException - if the version is invalid.
      • getVersion

        public int getVersion()
        Returns the version of the header.
        Returns:
        The version (1 or 2).
      • isLocalCommnand

        public boolean isLocalCommnand()
        Returns whether this proxy header represents a LOCAL command, that is, a connection established directly on behalf of the proxy itself.
        Returns:
        true if the connection has been established on behalf of the proxy. false if the connection has been established on behalf of a client.
      • getProtocol

        public String getProtocol()
        Returns the transport protocol used by the client to communicate with the proxy.
        Returns:
        The transport protocol (TCP4, TCP6 or UNKNOWN)
      • getSourceAddress

        public InetSocketAddress getSourceAddress()
        Returns the proxied client's address.
        Returns:
        the proxied client's address.
      • getDestinationAddress

        public InetSocketAddress getDestinationAddress()
        Returns the proxy's address.
        Returns:
        the proxy's address.
      • hashCode

        public int hashCode()
        Overrides:
        hashCode in class Object
      • getTlvs

        public Map<Byte,ByteString> getTlvs()
        Returns the additional information contained in the header as Type-Length-Value (TLV) entries.
        Returns:
        The TLVs.
      • getSslTlv

        public ProxyProtocolHeader.SslTlv getSslTlv()
        Returns the information about the SSL protocol that the client might be using on the connection.
        Returns:
        The SSL information.
      • getSslCipher

        public String getSslCipher()
        Returns the SSL cipher used by the proxied client or null if the proxied client did not use a secure connection or in case of proxy protocol V1 as it does not contain SSL information.
        Returns:
        the SSL cipher used by the proxied client or null if the proxied client did not use a secure connection or in case of proxy protocol V1 as it does not contain SSL information.
      • getSslVersion

        public String getSslVersion()
        Returns the SSL version used by the proxied client or null if the proxied client did not use a secure connection or in case of proxy protocol V1 as it does not contain SSL information.
        Returns:
        the SSL version used by the proxied client or null if the proxied client did not use a secure connection or in case of proxy protocol V1 as it does not contain SSL information.
      • isSsl

        public boolean isSsl()
        Returns true if the proxied client uses SSL. Always false for proxy protocol V1 as it does not contain SSL information.
        Returns:
        true if the proxied client uses SSL. Always false for proxy protocol V1 as it does not contain SSL information.
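
An added example, not part of the DS API or its source: a self-contained Java sketch of what parsing a version 2 header involves, limited to the PROXY command over TCP/IPv4, with the allowed-proxy check made before any header field is trusted. The class name `Pp2ParseSketch`, the `parse` signature, the allow-list parameter and the sample addresses and host name are assumptions; the signature bytes and the TLV type values come from the PROXY protocol specification.

```java
import java.net.*;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.util.*;

// Added sketch (hypothetical class, not part of the DS API): wire-level PROXY protocol v2 parse.
public class Pp2ParseSketch {
    // Signature and TLV type values as given in the PROXY protocol specification.
    static final byte[] SIG = {0x0D, 0x0A, 0x0D, 0x0A, 0x00, 0x0D, 0x0A, 0x51, 0x55, 0x49, 0x54, 0x0A};
    static final byte PP2_TYPE_AUTHORITY = 0x02, PP2_TYPE_NOOP = 0x04;

    // Returns the proxied client's address, or null for a LOCAL command; fills tlvs.
    static InetSocketAddress parse(InetAddress peer, Set<InetAddress> allowedProxies,
                                   byte[] data, Map<Byte, byte[]> tlvs) throws Exception {
        // Only an allowed proxy may assert a client address; any other peer could spoof one.
        if (!allowedProxies.contains(peer)) throw new SecurityException("peer is not an allowed proxy");
        if (data.length < 16 || !Arrays.equals(Arrays.copyOf(data, 12), SIG))
            throw new IllegalArgumentException("truncated header or bad signature");
        ByteBuffer in = ByteBuffer.wrap(data, 12, data.length - 12);   // big-endian (network order)
        int verCmd = in.get() & 0xFF, famProto = in.get() & 0xFF, len = in.getShort() & 0xFFFF;
        if (verCmd >> 4 != 2 || len > in.remaining()) throw new IllegalArgumentException("bad version or length");
        if ((verCmd & 0x0F) == 0) return null;              // LOCAL: the proxy's own connection
        if ((verCmd & 0x0F) != 1 || famProto != 0x11 || len < 12) throw new IllegalArgumentException("unsupported");
        ByteBuffer body = in.slice().limit(len);            // never read past the declared length
        body.position(8);                                   // skip source and destination IPv4 addresses
        int srcPort = body.getShort() & 0xFFFF;
        body.getShort();                                    // destination port, unused here
        while (body.remaining() >= 3) {                     // a TLV is at least type + 2-byte length
            byte type = body.get();
            int tlvLen = body.getShort() & 0xFFFF;
            if (tlvLen > body.remaining()) throw new IllegalArgumentException("TLV overruns header");
            byte[] value = new byte[tlvLen];
            body.get(value);
            if (type != PP2_TYPE_NOOP) tlvs.put(type, value);          // NOOP is padding only
        }
        if (body.hasRemaining()) throw new IllegalArgumentException("trailing bytes after TLVs");
        return new InetSocketAddress(InetAddress.getByAddress(Arrays.copyOfRange(data, 16, 20)), srcPort);
    }

    public static void main(String[] args) throws Exception {
        byte[] host = "ds.example".getBytes(StandardCharsets.UTF_8);   // constructed sample value
        ByteBuffer b = ByteBuffer.allocate(16 + 12 + 4 + 3 + host.length);
        b.put(SIG).put((byte) 0x21).put((byte) 0x11).putShort((short) (b.capacity() - 16));
        b.put(new byte[] {(byte) 192, 0, 2, 10, (byte) 198, 51, 100, 5}).putShort((short) 54321).putShort((short) 636);
        b.put(PP2_TYPE_NOOP).putShort((short) 1).put((byte) 0);
        b.put(PP2_TYPE_AUTHORITY).putShort((short) host.length).put(host);
        InetAddress proxy = InetAddress.getByAddress(new byte[] {10, 0, 0, 1});   // constructed
        Map<Byte, byte[]> tlvs = new HashMap<>();
        InetSocketAddress client = parse(proxy, Set.of(proxy), b.array(), tlvs);
        System.out.println(client + " authority=" + new String(tlvs.get(PP2_TYPE_AUTHORITY), StandardCharsets.UTF_8));
    }
}
```

The sketch requires Java 9 or later (`Set.of`, covariant `ByteBuffer.limit`). Values carried in the header, such as the source address and the authority TLV, are only as trustworthy as the proxy that sent them, which is why the allow-list check runs first.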